+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| May 23rd, 2002 Volume 4, Number 20a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_privatebenat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
Linux Advisoiry Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for bugzilla, lv, mysql, sendmail,
bitchx, PHP, gnupg, cdrtools, xinetd, fileutils, lpr, epic4, glibc,
mod_ssl, and quotacheck. The distributors include Conectiva, Debian,
Guardian Digital, Gentoo, Immunix, Mandrake, OpenPKG, RedHat, and
Slackware. There were not any advisories that particularly caught my
attention. Perhaps the most serious are lpr, cdrecord, and lv, all of
which may result in a local root compromise. If you are using these
packages, they should be updated immediately.
Many of you probably have experience in general network security. Also,
many of you have probably worked with wireless equipment. In the last
three years I've seen hundreds of articles and whitepapers on how to
improve the security of wireless networks. Each paper usually falls into
two categories. First, I have found that about 80% of the papers are too
broad and do not provide any useful information. The other 20% of
articles/whitepapers are helpful in that they focus on specific issues.
Recently, I had the opportunity to read the O'Reilly book, "802.11
Security." It was written by Bruce Potter and Bob Fleck and published
early this year. If you are looking for a overall source for 802.11
security, I highly recommend this book. Although it is only 176 pages
long, it is cram-packed with information. Like all O'Reilly books, it is
suitable and interesting enough to read from cover-to-cover or can be
easily used as a reference.
The book begins with an introduction to wireless networking and quickly
moves into explaining types of attacks and potential risks. The second
part book focuses on locking down five types of wireless workstations. It
includes specific chapters that cover FreeBSD, Linux, OpenBSD, OS X, and
Windows. Next, it covers aspects pertaining to access point security and
provides guidance on how to build a Linux, FreeBSD, or OpenBSD gateway.
The book concludes with a chapter on authentication and encryption, and a
chapter that discusses several wireless networking issues and predicts
what the future will hold. Although no one can claim that this book is
fully comprehensive, it does provide enough information to get started.
Some of you will probably be looking for more detailed information, while
others will think that it is the perfect dose. Once again, if you are
looking for a general book on 802.11 security, take a look at what
O'Reilly has to offer.
Until next time,
Benjamin D. Thomas
benat_private
LINSECURITY.COM FEATURE:
Intrusion Detection Systems: An Introduction
By: Alberto Gonzalez
Intrusion Detection is the process and methodology of inspecting data for
malicious, inaccurate or anomalous activity. At the most basic levels
there are two forms of Intrusion Detection Systems that you will
encounter: Host and Network based.
http://www.linuxsecurity.com/feature_stories/feature_story-143.html
----
At the RealWorld Linux Expo in Toronto, Guardian Digital launched the next
generation of the Community edition of EnGarde Secure Linux - the secure
and easy to manage system for building a complete Internet presence while
protecting your information assets.
Download the FREE trial today!
http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=freetrial
--------------------------------------------------------------------
* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
unparalleled in security, ease of management, and features. Open source
technology constantly adapts to new threats. Email firewall, simplified
administration, automatically updated.
--> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
--------------------------------------------------------------------
Days of the Honeynet: Attacks, Tools, Incidents - Among other benefits,
running a honeynet makes one acutely aware about "what is going on" out
there. While placing a network IDS outside one's firewall might also
provide a similar flood of alerts, a honeypot provides a unique
prospective on what will be going on when a related server is compromised
used by the intruders.
http://www.linuxsecurity.com/feature_stories/feature_story-141.html
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
5/22/2003 - bugzilla
multiple vulnerabilities
There are multiple vulnerabilities in bugzilla.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3280.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
5/16/2003 - lv
privilege escalation vulnerability
lv reads options from a configuration file in the current
directory. Because such a file could be placed there by a
malicious user, and lv configuration options can be used to
execute commands, this represented a security vulnerability.
http://www.linuxsecurity.com/advisories/debian_advisory-3263.html
5/16/2003 - mysql
privilege escalation vulnerability
There are multiple vulnerabilities in the mysql package.
http://www.linuxsecurity.com/advisories/debian_advisory-3264.html
5/16/2003 - sendmail
insecure tmp file vulnerability
aul Szabo discovered bugs in three scripts included in the
sendmail package where temporary files were created insecurely
(expn, checksendmail and doublebounce.pl).
http://www.linuxsecurity.com/advisories/debian_advisory-3265.html
5/19/2003 - bitchx
multiple vulnerabilities
Timo Sirainen discovered several overflow problems in BitchX.
http://www.linuxsecurity.com/advisories/debian_advisory-3274.html
+---------------------------------+
| Distribution: EnGarde | ----------------------------//
+---------------------------------+
5/20/2003 - 'swatch' incorrect value in default configuration
multiple vulnerabilities
A bug was recently discovered in the default configuration of the
daily log summaries. The default address is set incorrectly
causing daily summaries to bounce until the system is ran through
the initial configuration process or the admin e-mail address is
changed.
http://www.linuxsecurity.com/advisories/engarde_advisory-3277.html
5/21/2003 - PHP
debugging and PEAR fixes
This update disables debugging and enables support for PEAR in
EnGarde's PHP packages.
http://www.linuxsecurity.com/advisories/engarde_advisory-3278.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
5/16/2003 - gnupg
key validation bug
As part of the development of GnuPG 1.2.2, a bug was discovered in
the key validation code.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
5/16/2003 - ut2003-demo passive DOS exploit
key validation bug
There is a negative sign bug in the unreal tournement engine.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3267.html
5/18/2003 - cdrtools
privilege escalation vulnerability
Incorrect link fixed. A vulnerability in cdrecord that could lead
to a root compromise was discovered. cdrecord is not installed
suid by default in Gentoo.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3272.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
5/19/2003 - lv
arbitrary command execution vulnerability
Previous versions of lv read the file .lv in the current
directory. Becuse this file could be created by other users and
could contain malicious commands to execute upon viewing certain
files this is considered a potential local root exploit.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3275.html
5/19/2003 - xinetd
denial of service vulnerability
Steve Stubb has discovered that xinetd leaks 144 bytes for every
connection it rejects.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3276.html
+---------------------------------+
| Distribution: Immunix | ----------------------------//
+---------------------------------+
5/16/2003 - fileutils
race condition vulnerability
Steve Stubb has discovered that xinetd leaks 144 bytes for every
connection it rejects.
http://www.linuxsecurity.com/advisories/immunix_advisory-3270.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
5/22/2003 - cdrecord
privilege escalation vulnaerbility
A vulnerability in cdrecord was discovered that can be used to
obtain root access because Mandrake Linux ships with the cdrecord
binary suid root and sgid cdwriter.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3281.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
5/22/2003 - lpr
buffer overflow vulnerability
A buffer overflow was discovered in the lpr printer spooling
system that can be exploited by a local user to gain root
privileges.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3282.html
+---------------------------------+
| Distribution: OpenPKG | ----------------------------//
+---------------------------------+
5/16/2003 - gnupg
incorrect key validation vulnerability
The GNU Privacy Guard (GnuPG) development team discovered that the
key validation code in GnuPG 1.2.1 and older versions does not
properly determine the validity of keys with multiple user IDs
http://www.linuxsecurity.com/advisories/other_advisory-3273.html
+---------------------------------+
| Distribution: RedHat | ----------------------------//
+---------------------------------+
5/16/2003 - lv
privilege escalation vulnerability
A bug has been found in versions of lv that read a .lv file in the
current directory. Local attackers can use this to place an .lv
file in any directory to which they have write access.
http://www.linuxsecurity.com/advisories/redhat_advisory-3269.html
5/21/2003 - gnupg
key validation bug
Updated gnupg packages correcting a bug in the GnuPG key
validation functions are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-3279.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
5/22/2003 - epic4
multiple vulnerabilities
New EPIC4 packages are available to fix security problems found by
Timo Sirainen.
http://www.linuxsecurity.com/advisories/slackware_advisory-3283.html
5/22/2003 - bitchx
multiple vulnerabilities
Timo Sirainen discovered several overflow problems in BitchX.
http://www.linuxsecurity.com/advisories/slackware_advisory-3284.html
5/22/2003 - glibc
buffer overflow vulnerability
An integer overflow in the xdrmem_getbytes() function found in the
glibc library has been fixed.
http://www.linuxsecurity.com/advisories/slackware_advisory-3285.html
5/22/2003 - gnupg
key validation bug
A key validation bug which results in all user IDs on a given key
being treated with the validity of the most-valid user ID on that
key has been fixed with the release of GnuPG 1.2.2.
http://www.linuxsecurity.com/advisories/slackware_advisory-3286.html
5/22/2003 - mod_ssl
timing based attack vulnerability
This version provides RSA blinding by default which prevents an
extended timing analysis from revealing details of the secret key
to an attacker.
http://www.linuxsecurity.com/advisories/slackware_advisory-3287.html
5/22/2003 - quotacheck
vulnerability
An upgraded sysvinit package is available which fixes a problem
with the use of quotacheck in /etc/rc.d/rc.M.
http://www.linuxsecurity.com/advisories/slackware_advisory-3288.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.